sshkey_unshield_private() contains a exact duplicate of the code in

private2_check_padding(). Pull private2_check_padding() up so the code
can be reused. From Martin Vahlensieck, ok deraadt@

diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c
index cdc29e5..47864e6 100644 (file)
--- a/usr.bin/ssh/sshkey.c
+++ b/usr.bin/ssh/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.120 2022/01/06 22:05:42 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.121 2022/05/05 01:04:14 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -2079,14 +2079,38 @@ sshkey_shield_private(struct sshkey *k)
        return r;
 }
 
+/* Check deterministic padding after private key */
+static int
+private2_check_padding(struct sshbuf *decrypted)
+{
+       u_char pad;
+       size_t i;
+       int r;
+
+       i = 0;
+       while (sshbuf_len(decrypted)) {
+               if ((r = sshbuf_get_u8(decrypted, &pad)) != 0)
+                       goto out;
+               if (pad != (++i & 0xff)) {
+                       r = SSH_ERR_INVALID_FORMAT;
+                       goto out;
+               }
+       }
+       /* success */
+       r = 0;
+ out:
+       explicit_bzero(&pad, sizeof(pad));
+       explicit_bzero(&i, sizeof(i));
+       return r;
+}
+
 int
 sshkey_unshield_private(struct sshkey *k)
 {
        struct sshbuf *prvbuf = NULL;
-       u_char pad, *cp, keyiv[SSH_DIGEST_MAX_LENGTH];
+       u_char *cp, keyiv[SSH_DIGEST_MAX_LENGTH];
        struct sshcipher_ctx *cctx = NULL;
        const struct sshcipher *cipher;
-       size_t i;
        struct sshkey *kswap = NULL, tmp;
        int r = SSH_ERR_INTERNAL_ERROR;
 
@@ -2148,16 +2172,9 @@ sshkey_unshield_private(struct sshkey *k)
        /* Parse private key */
        if ((r = sshkey_private_deserialize(prvbuf, &kswap)) != 0)
                goto out;
-       /* Check deterministic padding */
-       i = 0;
-       while (sshbuf_len(prvbuf)) {
-               if ((r = sshbuf_get_u8(prvbuf, &pad)) != 0)
-                       goto out;
-               if (pad != (++i & 0xff)) {
-                       r = SSH_ERR_INVALID_FORMAT;
-                       goto out;
-               }
-       }
+
+       if ((r = private2_check_padding(prvbuf)) != 0)
+               goto out;
 
        /* Swap the parsed key back into place */
        tmp = *kswap;
@@ -3966,9 +3983,9 @@ sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob,
        explicit_bzero(salt, sizeof(salt));
        if (key != NULL)
                freezero(key, keylen + ivlen);
-       if (pubkeyblob != NULL) 
+       if (pubkeyblob != NULL)
                freezero(pubkeyblob, pubkeylen);
-       if (b64 != NULL) 
+       if (b64 != NULL)
                freezero(b64, strlen(b64));
        return r;
 }
@@ -4195,31 +4212,6 @@ private2_decrypt(struct sshbuf *decoded, const char *passphrase,
        return r;
 }
 
-/* Check deterministic padding after private key */
-static int
-private2_check_padding(struct sshbuf *decrypted)
-{
-       u_char pad;
-       size_t i;
-       int r = SSH_ERR_INTERNAL_ERROR;
-
-       i = 0;
-       while (sshbuf_len(decrypted)) {
-               if ((r = sshbuf_get_u8(decrypted, &pad)) != 0)
-                       goto out;
-               if (pad != (++i & 0xff)) {
-                       r = SSH_ERR_INVALID_FORMAT;
-                       goto out;
-               }
-       }
-       /* success */
-       r = 0;
- out:
-       explicit_bzero(&pad, sizeof(pad));
-       explicit_bzero(&i, sizeof(i));
-       return r;
-}
-
 static int
 sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
     struct sshkey **keyp, char **commentp)